I'm very anxious about my online security, and I lack the advanced skills to validate whether I'm truly safe.<p>I do all the usual things; I use a password manager, enable 2FA on critical accounts, never give my passwords or passcodes to anyone, even those I trust.<p>However I constantly stumble on the same question: if a hacker found a crack in my defenses, to what extent could they wreck my life? Today I nearly fell victim to a spearphishing attempt. I hung up before any damage was done, but the experience shook me up.<p>I've been considering hiring a white-hat hacker to essentially do a dry-run of what a malicious actor would do to me if I were their target. How far could they get? How much of my personal information could they glean? What accounts could they access by abusing that information?<p>My question is twofold:
* Is this a good idea? Or is putting my security in the hands of a third-party equally dangerous?
* If hiring someone is ill-advised, are there guides for securing myself to a point where I am safe from the majority of attacks?
Sorry to hear, you did well though given no one has their guard up 24/7 and that's what they rely on in that case! There's a few solid guides on how to minimize the possibility of lateral movement, privilege escalation, forgery and so on without having to think through the inner workings of every attack vector under the sun (would say the most thorough is <a href="https://attack.mitre.org/versions/v14/mitigations" rel="nofollow">https://attack.mitre.org/versions/v14/mitigations</a>). Could also provide some help beyond that this weekend (been a slow week) at no cost, e-mail's in the profile :) used to have all the bells and whistles a white hat could have like disclosed vulns, talks at conferences and whatnot years ago before going into ML if that matters haha.